IDS: Re: Building a Basic IDS.

Re: Building a Basic IDS.

From: Sébastien Tricaud <toady_at_gscore.org>
Date: Wed, 4 Jun 2003 21:45:54 +0200

On 04 Jun 2003 15:30:01 +0300
Zaid Amireh <tumbak_at_inbox.lv> wrote:

> Hello all,
> Please don't flame me, I'm just a student seeking knowledge.
> We are three undergraduate students; we have much interest in security
> in general and NIDSs in particular, so we decided to code a simple NIDS
> as our graduation project.
> We read a lot about the theoretical parts, but we couldn't find any
> technical documents about building an IDS from scratch. We do have a
> general overview of what we are to do, but as you know, getting a second
> opinion is always better :)
> So if you were asked to code a simple NIDS, where would you start and
> what path would you choose?
> Thanks for your time.
>

The best way is to use libpcap to catch packets.
You can get tutorials on how to use it on the tcpdump webpage
(http://www.tcpdump.org/).

The sniffer tcpdump uses it; you can also look closer at its sources.

If it's just for a graduation project, you won't need to fight very much to have
something funny.
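As an added illustration of the advice above (this is example code written for this archive page, not Sébastien's, tcpdump's or libpcap's own code), here is the smallest shape a libpcap-based NIDS takes: libpcap delivers each raw frame to a callback, the callback hands the bytes to a decoder that walks Ethernet, IPv4 and TCP with every length checked, and a couple of rules decide whether to raise an alert. The two rules (a bare SYN towards TCP/23, and a content match on a fixed string) are toy signatures chosen for the example; the sample frames, the addresses 10.0.0.5 and 10.0.0.1, and the `USE_LIBPCAP` build switch are all constructed here. Without that switch the program runs its self-test on the constructed frames and needs no libpcap; with `-DUSE_LIBPCAP ... -lpcap` it captures from the interface named on the command line.

```c
/* Minimal NIDS skeleton (constructed example).
 * Self-test only:   cc -std=c99 -o ids ids.c
 * Live capture:     cc -std=c99 -DUSE_LIBPCAP -o ids ids.c -lpcap */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define ETH_HDR_LEN     14
#define ETHERTYPE_IPV4  0x0800
#define PROTO_TCP       6
#define TCP_FLAG_SYN    0x02
#define TCP_FLAG_ACK    0x10

struct alert {
    uint32_t src_ip;      /* host byte order */
    uint16_t dst_port;
    const char *reason;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode Ethernet/IPv4/TCP and apply the rules. Returns 1 and fills *out when a
 * rule fires, 0 otherwise. Every length is validated before use so that a
 * truncated or malformed frame can never make the IDS itself read out of bounds. */
int inspect_frame(const uint8_t *pkt, size_t len, struct alert *out)
{
    if (len < ETH_HDR_LEN || rd16(pkt + 12) != ETHERTYPE_IPV4) return 0;
    const uint8_t *ip = pkt + ETH_HDR_LEN;
    size_t iplen = len - ETH_HDR_LEN;
    if (iplen < 20 || (ip[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    uint16_t total = rd16(ip + 2);
    if (ihl < 20 || ihl > iplen || total < ihl || total > iplen) return 0;
    if (ip[9] != PROTO_TCP) return 0;

    const uint8_t *tcp = ip + ihl;
    size_t tcplen = total - ihl;
    if (tcplen < 20) return 0;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > tcplen) return 0;
    uint8_t flags = tcp[13];
    const uint8_t *payload = tcp + doff;
    size_t paylen = tcplen - doff;

    out->src_ip = rd32(ip + 12);
    out->dst_port = rd16(tcp + 2);

    /* Rule 1: bare SYN (no ACK) to TCP/23, i.e. a telnet connection attempt. */
    if ((flags & (TCP_FLAG_SYN | TCP_FLAG_ACK)) == TCP_FLAG_SYN && out->dst_port == 23) {
        out->reason = "telnet connection attempt";
        return 1;
    }
    /* Rule 2: bounded content match, the way signature-based IDSs work. */
    static const char sig[] = "/etc/passwd";
    size_t siglen = sizeof(sig) - 1;
    for (size_t i = 0; i + siglen <= paylen; i++) {
        if (memcmp(payload + i, sig, siglen) == 0) {
            out->reason = "sensitive path in payload";
            return 1;
        }
    }
    return 0;
}

/* Builds a constructed Ethernet+IPv4+TCP frame (10.0.0.5 -> 10.0.0.1) into buf,
 * checksums left zero because inspect_frame() does not verify them. */
size_t make_tcp_frame(uint8_t *buf, uint16_t dport, uint8_t flags, const char *payload)
{
    size_t paylen = strlen(payload);
    uint16_t total = (uint16_t)(40 + paylen);
    memset(buf, 0, ETH_HDR_LEN + total);
    buf[12] = 0x08; buf[13] = 0x00;                       /* ethertype IPv4 */
    uint8_t *ip = buf + ETH_HDR_LEN;
    ip[0] = 0x45;                                          /* v4, IHL 5 */
    ip[2] = (uint8_t)(total >> 8); ip[3] = (uint8_t)total;
    ip[8] = 64; ip[9] = PROTO_TCP;
    ip[12] = 10; ip[13] = 0; ip[14] = 0; ip[15] = 5;       /* src 10.0.0.5 */
    ip[16] = 10; ip[17] = 0; ip[18] = 0; ip[19] = 1;       /* dst 10.0.0.1 */
    uint8_t *tcp = ip + 20;
    tcp[0] = 0xc0; tcp[1] = 0x00;                          /* src port 49152 */
    tcp[2] = (uint8_t)(dport >> 8); tcp[3] = (uint8_t)dport;
    tcp[12] = 0x50;                                        /* data offset 5 */
    tcp[13] = flags;
    memcpy(tcp + 20, payload, paylen);
    return ETH_HDR_LEN + total;
}

static void report(const struct alert *a)
{
    printf("ALERT: %s from %u.%u.%u.%u -> port %u\n", a->reason,
           a->src_ip >> 24, (a->src_ip >> 16) & 0xff, (a->src_ip >> 8) & 0xff,
           a->src_ip & 0xff, a->dst_port);
}

#ifdef USE_LIBPCAP
#include <pcap.h>
/* libpcap calls this once per captured frame; caplen is what was really captured. */
static void on_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
    struct alert a;
    (void)user;
    if (inspect_frame(bytes, h->caplen, &a)) report(&a);
}
int main(int argc, char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    if (argc < 2) { fprintf(stderr, "usage: %s <interface>\n", argv[0]); return 1; }
    pcap_t *h = pcap_open_live(argv[1], 65535, 1, 1000, errbuf);
    if (!h) { fprintf(stderr, "pcap_open_live: %s\n", errbuf); return 1; }
    return pcap_loop(h, -1, on_packet, NULL) < 0 ? 1 : 0;
}
#else
int main(void)   /* self-test on constructed frames */
{
    uint8_t buf[256]; struct alert a;
    size_t n = make_tcp_frame(buf, 23, TCP_FLAG_SYN, "");
    if (inspect_frame(buf, n, &a)) report(&a);
    n = make_tcp_frame(buf, 80, TCP_FLAG_ACK, "GET /etc/passwd HTTP/1.0");
    if (inspect_frame(buf, n, &a)) report(&a);
    n = make_tcp_frame(buf, 80, TCP_FLAG_ACK, "GET /index.html HTTP/1.0");
    printf("benign request alerts: %d\n", inspect_frame(buf, n, &a));
    return 0;
}
#endif
```

The decoder trusts the smaller of the captured length and the IP total length, and rejects any header whose declared size exceeds what was captured: an IDS that can be crashed by a malformed packet is itself a target, so the bounds checks are the part of this skeleton worth keeping even after the toy rules are replaced.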

Received on Jun 04 2003
